An Enhanced ID-based Deniable Authentication Protocol on Pairings
|
|
- Joanna Caldwell
- 5 years ago
- Views:
Transcription
1 An Enhanced ID-based Deniable Authentication Protocol on Pairings Meng-Hui Lim*, Sanggon Lee**, Youngho Park***, Hoonjae Lee** *Department of Ubiquitous IT, Graduate school of Design & IT, Dongseo University, Busan , Korea **Department of Information & Communication, Dongseo University, Busan , Korea {nok60, ***School of Electronics and Electrical Engineering, Sangju National University, Sangju-Si, Gyeongsangbuk-do , Korea Abstract. Deniability is defined as a privacy property which enables protocol principals to deny their involvement after they had taken part in a particular protocol run. Lately, Chou et al. had proposed their ID-based deniable authentication protocol after proving the vulnerability to Key-Compromise Impersonation (KCI) attack in Cao et al. s protocol. In addition, they claimed that their protocol is not only secure, but also able to achieve both authenticity and deniability properties. However, in this paper, we demonstrate that Chou et al. protocol is not flawless as it remains insecure due to its susceptibility to the KCI attack. Based on this, we propose an enhanced scheme which will in fact preserves the authenticity, the deniability and the resistance against the KCI attack. 1 Introduction Nowadays, authentication had emerged to be an essential communication process in key establishment. In fact, the aim of this process is to assure the receiver by verifying the digital identity of the sender, especially when communicating via an insecure electronic channel. Authentication can be realized by the use of digital signature in which the signature (signer s private key) is tied to the signer as well as the message being signed. This digital signature can later be verified easily by using the signer s public key. Hence, the signer will not be able to deny his participation in this communication. Generally, this notion is known as non-repudiation. However, under certain circumstances such as electronic voting system, online shopping and negotiation over the internet, the non-repudiation property is undesirable. It is important to note that in these applications, the sender s identity should be revealed only to the intended receiver. Therefore, a significant requirement for the protocol is to enable a receiver to identify the source of a given message, and at the same time, unable to convince to a third party on the identity of the sender even if the receiver reveal his own secret key to the third party. This protocol is known as deniable authentication protocol.
2 In the past several years, numerous deniable authentication protocols have been proposed but many of them have also been proven to be vulnerable to various cryptanalytic attacks [6, 7, 15, 16]. The concept of deniable authentication protocol was initially introduced by Dwork et al. [9], which is based on the concurrent zero knowledge proof. However, this scheme requires a timing constraint. Not only that, the proof of knowledge is also time-consuming [8]. Another notable scheme which was developed by Aumann and Rabin [1, 2] is based on the intractability of the factoring problem, in which a set of public data is needed to authenticate one bit of a given message. Few years later, Deng et al. [8] have proposed two deniable authentication schemes based on Aumaan and Rabin s scheme. The proposed schemes are based on the intractability of the factoring problem and the logarithm problem. However, in 2006, Zhu et al. [16] have successfully demonstrated the Manin-the-Middle attack against Aumann and Rabin s scheme and this indirectly results in an insecure implementation of Deng et al. s schemes. In 2003, Boyd and Mao [4] have proposed another 2 deniable authenticated key establishment for Internet protocols based on elliptic curve cryptography. These schemes are believed to be able to solute the complexity of computation and appear to be more efficient than others but their vulnerability to KCI attack has been exploited by Chou et al. [6] in Besides that, Fan et al. [10] have proposed a simple deniable authentication protocol based on Diffie-Hellman key distribution protocol in Unfortunately, in 2005, Yoon et al. [15] have pointed out that their protocol suffers from the intruder masquerading attack and subsequently proposed their enhanced deniable authentication protocol based on Fan et al. s scheme. In addition, in 2005, Cao et al. [5] have proposed an efficient ID-based deniable authentication protocol which enables a dynamic shared secret to be derived as a session key. Unfortunately, in 2006, Yoon et al. s enhanced scheme and Cao et al. s scheme are proven to be impractical and susceptible to KCI attack respectively by Chou et al. [7]. Moreover, Chou et al. have proposed another new deniable authentication protocol [7] and they have claimed that their proposed protocol has achieved strong deniability as well as authenticity with great resistance against KCI attack. However, we discover that the analysis of resistance against the KCI attack in their proposed scheme is inadequate. Hence, in this paper, we will prove that Chou et al. s ID-based deniable authentication protocol on pairings remains insecure due to its vulnerability to the KCI attack. Besides that, we will also propose our improvements on this scheme in resisting the attack. The structure of this paper is organized as follows. In the next section, we will illustrate some basic properties of bilinear pairings and review Chou et al. s ID-based deniable authentication protocol. In Section 3, we will present our attack on Chou et al. s deniable authentication protocol. In Section 4, we will illustrate our improvements on Chou et al. s deniable authentication protocol and its associated security proofs. Last but not least, we will conclude this paper in Section 5.
3 2 Review of Chou et al. s Scheme In this section, we will introduce the basic properties of bilinear pairings, the Bilinear Diffie-Hellman Problem and the Discrete Logarithm Problem. Then, we will provide a brief review on Chou et al. s ID-based deniable authentication protocol. 2.1 Preliminary Let G 1 be a cyclic additive group of a large prime order, q and G 2 be a cyclic multiplicative group of the same order, q. Let e: G 1 x G 1 G 2 be a bilinear pairing with the following properties: a) Bilinearity: e(ap, bq) = e(p, Q) ab = e(abp, Q) (1) for any P, Q G 1, a, b Z q *. b) Non-degeneracy: There exists P, Q G 1 such that e(p,q) 1. c) Computability: There is an efficient algorithm to compute e(p,q) for any P, Q G 1. A bilinear map which satisfies all three properties above is considered as admissible bilinear. It is noted that the Weil and Tate pairings associated with the supersingular elliptic curves or abelian varieties, can be modified to create such bilinear maps. Now, we describe some mathematical problems: Bilinear Diffie-Hellman Problem (BDHP): Let G 1, G 2, P and e be as above with order q being prime. Given (P, ap, bp, cp) with a, b, c Z q *, compute e(p, P) abc G 2. An algorithm α is deemed to have an advantage ε in solving the BDHP in (G 1, G 2, e) based on the random choices of a, b, c in Z q * and the internal random operation of α if Pr[α((P, ap, bp, cp)) = e(p, P) abc ] ε. (2) Discrete Logarithm Problem (DLP): Suppose that we are given two groups of elements P and Q, such that Q = np. (3) Find the integer n whenever such an integer exists. Throughout this paper, we assume that BDHP is a hard computational problem such that there is no polynomial time algorithm to solve BDHP and DLP with nonnegligible probability. 2.2 Chou et al. s ID-based Deniable Authentication Protocol Suppose that two communication parties, Alice and Bob wish to communicate with each other. The Private Key Generator (PKG) picks a master key s Z q * and sets P pub = sp. (4)
4 For a given string ID {0, 1}*, the PKG computes the public key, and the private key, Q ID = H(ID) (5) S ID = sq ID, (6) where s is the master key. Hence, Alice and Bob s public/private key pairs are denoted as Q A /S A and Q B /S B respectively. Assume that all the hash functions employed in this protocol are collision-free. We describe Chou et al. s protocol as follows: Step 1. Alice chooses a random number, r A Z q *, computes u = r A Q A (7) and then sends (ID A, u) to Bob. Step 2. After receiving (ID A, u), Bob chooses a random number, r B Z q * and calculates and sends (ID B, f) to Alice. Step 3. After receiving (ID B, f), Alice computes h B = H(e(u, S B )), (8) f = h B r B, (9) h A = H(e(r A S A, Q B )), (10) r B = h A f, (11) X A = H(x A ), where x A = e(r B Q B, P pub ), (12) and subsequently computes the session key, Y A = H(y A ), where y A = e(r B S A, P), (13) K A = e(s A, Q B ) X A YA. (14) Suppose that m A is the message which Alice s would like to send together with her ID. She computes and sends (g A, m A ) to Bob. Step 4. After receiving (g A, m A ), Bob calculates Then, he computes the session key g A = H(ID B, m A, x A, y A, K A ) (15) X B = H(x B ), where x B = e(r B S B, P), (16) Y B = H(y B ), where y B = e(r B Q A, P pub ). (17) K B = e(q A, S B ) X B Y B. (18)
5 Finally, Bob computes g B = H(ID B, m A, x B, y B, K B ) (19) and compares whether g A = g B. If it does (does not), Bob accepts (rejects) the session key. Alice Bob Choose: r A Z q * Compute: u = r A Q A ID A, u Choose: r B Z q * Compute: h B = H(e(u, S B )) ID B, f Compute: f = h B r B Compute: h A = H(e(r A S A, Q B )) Compute: r B = h A f Compute: X A = H(x A ), Y A = H(y A ) where x A = e(r B Q B, P pub ), y A = e(r B S A, P) Compute: K A = e(s A, Q B ) X A Y A Compute: g A = H(ID B, m A, x A, y A, K A ) g A, m A Compute: X B = H(x B ), Y B = H(y B ) where x B = e(r B S B, P), y B = e(r B Q A, P pub ) Compute: K B = e(q A, S B ) X B Y B Compute: g B = H(ID B, m A, x B, y B, K B ) Check whether g A = g B Fig. 1. Chou et al. s ID-Based Deniable Authentication Protocol 3 Our Attack In this section, we will depict how Chou et al. s scheme can be intruded by using KCI Attack. In fact, this attack is deemed successful only if the adversary manages to
6 masquerade as another protocol principal to communicate with the victim after the victim s private key has been compromised. Alice (Eve) Bob Choose: r A Z q * Compute: u = r A Q A ID A, u Choose: r B Z q * Compute: h B = H(e(u, S B )) ID B, f Compute: f = h B r B Compute: h A = H(e(u, S B )) Compute: r B = h A f Compute: X A = H(x A ), Y A = H(y A ) where x A = e(r B Q B, P pub ), y A = e(r B Q A, P pub ) Compute: K A = e(q A, S B ) X A Y A Compute: g A = H(ID B, m A, x A, y A, K A ) g A, m A Compute: X B = H(x B ), Y B = H(y B ) where x B = e(r B S B, P), y B = e(r B Q A, P pub ) Compute: K B = e(q A, S B ) X B Y B Compute: g B = H(ID B, m A, x B, y B, K B ) Check whether g A = g B Fig. 2. KCI attack on Chou et al. s Scheme Assume that an adversary, Eve has the knowledge of Bob s private key S B and he intends to launch the KCI attack against Bob by pretending Alice to communicate with him. Hence, Eve is able to carry out his attack as follows: Step 1. Eve chooses a random number, r A Z q * and computes u from Eq. (7) by using r A. Then, he initiates the communication by sending (ID A, u ) to Bob. Step 2. After receiving (ID A, u ), Bob thought that Alice is trying to communicate with him. Then, he chooses a random number, r B Z q * and by using u, he calculates h B from Eq. (8) as well as f from Eq. (9). After that, he sends (ID B, f ) to Alice.
7 Step 3. After intercepting (ID B, f ), Eve attempts to compute h A, r B, X A, Y A, K A and g A. As Alice s secret key S A is unknown, Eve is unable to compute pairings which involve S A. However, it is crucial to note that: h A = e(r A S A, Q B ) = e(s(r A Q A ), Q B ) = e(r A Q A, sq B ) = e(u, S B ), (20) y A = e(r B S A, P)= e(s(r B Q A ), P) = e(r B Q A, sp) = e(r B Q A, P pub ), (21) K A = e(s A, Q B ) X A Y A = e(sq A, Q B ) X A Y A = e(q A, sq B ) X A Y A = e(q A, S B ) X A Y A. (22) Since u is originated from Eve and S B is known, he is then able to compute h A, r B, X A, Y A, K A and g A by using Eqs. (20), (11), (12), (21), (22) and (15) accordingly. Suppose that m A is the corrupted message which Eve would like to send to Bob by using Alice s ID. After g A is computed, he send (g A, m A ) over to Bob. Step 4. After receiving (g A, m A ), Bob calculates X B, Y B, the session key K B and g B by using Eqs. (16), (17), (18) and (19) respectively. Since g A and g B are always equal, Bob will eventually accept the session key and truly believes that he is communicating with Alice although he is in fact communicating with Eve. Hence, our KCI attack is successful. 4 Our Enhancement Scheme As we have noticed in the previous section, Chou et al. s scheme has fallen into the KCI attack mainly due to their failure in concealing the value of h B when S B is exposed. Once the adversary has obtained r B from h B, he is able to derive all the subsequent parameters as well as the valid session key. In other words, the values of h A and h B should be obscured even if S A or S B has been compromised so as to resist the KCI attack. 4.1 Protocol Improvement Description Now, we propose an enhanced ID-based deniable authentication protocol by introducing an extra parameter and a pair of equivalent modified hashed pairings v = r B Q B (23) h A = H(e(r A S A, r B Q B )) = H(e(r A S A, v)), (24) h B = H(e(r A Q A, r B S B )) = H(e(u, r B S B )) (25) in order to protect the values of h A and h B against the KCI attack. As similar to the previous scheme, our enhanced ID-based deniable authentication protocol can be described as follows: Step 1. Alice chooses a random number, r A Z q *, computes u from Eq. (7) and then, sends (ID A, u) to Bob.
8 Alice Bob Choose: r A Z q * Compute: u = r A Q A ID A, u Choose: r B Z q * Compute: v = r B Q B Compute: h B = H(e(u, r B S B )) ID B, f, v Compute: f = h B r B Compute: h A = H(e(r A S A, v)) Compute: r B = h A f Compute: X A = H(x A ), Y A = H(y A ) where x A = e(r B Q B, P pub ), y A = e(r B S A, P) Compute: K A = e(s A, Q B ) X A Y A Compute: g A = H(ID B, m A, x A, y A, K A ) g A, m A Compute: X B = H(x B ), Y B = H(y B ) where x B = e(r B S B, P), y B = e(r B Q A, P pub ) Compute: K B = e(q A, S B ) X B Y B Compute: g B = H(ID B, m A, x B, y B, K B ) Check whether g A = g B Fig. 3. Enhanced ID-Based Deniable Authentication Protocol Step 2. After receiving (ID A, u), Bob chooses a random number, r B Z q * and calculates v from Eq. (23) and h B from Eq. (25). Then Bob computes f from Eq. (9) and sends (ID B, f, v) to Alice. Step 3. After receiving (ID B, f, v), Alice computes h A from Eq. (24) and r B from Eq. (11). Then, she calculates X A, Y A, and the session key K A from Eqs. (12), (13) and (14) respectively. After that, she computes g A from Eq. (15) and sends (g A, m A ) to Bob eventually. Step 4. After receiving (g A, m A ), Bob calculates X B, Y B and the session key K B from Eqs. (16), (17) and (18) respectively. At last, he computes g B from Eq. (19) and checks whether g A = g B. If it does (does not), Bob accepts (rejects) the sesson key.
9 4.2 Protocol Security Analysis In this section, we will scrutinize our enhanced ID-based deniable authentication protocol in order to ensure that the security requirements for a deniable authentication protocol are satisfied. Lemma 1. Our enhanced protocol is deniable. Proof: Once (g A, m A ) is received in Step 4, Bob can easily identify the source of the message, m A since the message is integrated with Alice s ID. After verifying g A = g B, Bob can be assured that the message is originated from Alice. If Bob intends to expose the message sender s identity to a third party, Alice would be able to repudiate as she would argue that Bob could also generate (g A, m A ) by using his private key. Hence, the deniability property is satisfied. Lemma 2. Our enhanced protocol principal is able to authenticate the received message. Proof: Once (g A, m A ) is received, Bob is able to authenticate the message by comparing whether g A = g B. It is noted that the computation of g A is constituted from x A = e(r B Q B, P pub ), y A = e(r B S A, P), K A = e(s A, Q B ) X AY A and the computation of gb is constituted from x B = e(r B S B, P), y B = e(r B Q A, P pub ), K B = e(q A, S B ) X BY B. Since each g A and g B is a computational result of Alice and Bob s public/private key pairs, Bob can be assured that the message is originated from Alice. Hence, the authenticity property is satisfied. Lemma 3. The enhanced protocol is able to resist the KCI attack. Proof: The resistance of the enhanced protocol towards KCI attack is analyzed by considering the 2 scenarios below: a) Alice s private key, S A has been compromised. Initially, Alice chooses a random number r A, computes u from Eq. (7) and then sends (ID A, u) to Bob. Eve intercepts (ID A, u) and attempts to derive h A or h B so as to compute the session key. Eve chooses a random number, r B and calculates v from Eq. (23) by using r B. However, Eve is unable to compute h B from Eq. (25) as he does not know S B. Alternatively, Eve is also not capable of calculating h A from Eq. (24) because he has no knowledge about r A. Hence, the KCI attack fails. b) Bob s private key, S B has been compromised. Eve intends to masquerade as Alice to communicate with Bob. Eve initially chooses a random number r A, computes u from Eq. (7) by using r A and then, sends (ID A, u ) to Bob. Bob chooses a random number r B, and calculates v from Eq. (23) and h B from Eq. (25). Then Bob computes f from Eq. (9) and sends (ID B, f, v) back to Alice. Eve intercepts (ID B, f, v) and attempts to derive h A or h B. However, Eve is unable to compute h A from Eq. (24) as he does not know S A. Alternatively, Eve is also incapable of calculating h B from Eq. (25) because he has no knowledge about r B. Hence, the KCI attack fails. 5 Conclusion In this paper, we have pointed out the weakness of Chou et al. s ID-based deniable authentication protocol against KCI attack. Besides that, we have also demonstrated
10 our improvements by modifying one of the hashed pairings for each sender and receiver with a scalar multiplication in their scheme in order to resist the KCI attack. More significantly, we have carried out a detailed security analysis and we have proven our enhanced ID-based Deniable Authentication Protocol to be capable of preserving all the desired properties of an ID-based deniable authentication protocol. 6 Reference [1] Yonatan Aumann, Michael O. Rabin, Authentication, Enhanced Security and Error Correcting Codes (Extended Abstract). CRYPTO 1998, [2] Yonatan Aumann, Michael O. Rabin, Efficient Deniable Authentication of Long Messages, Int. Conf. on Theoretical Computer Science in honour of Professor Manuel Blum s 60th birthday, ( [3] D. Boneh and M. Franklin, Identity-based encryption from the Weil pairing, Advances in Cryptology-Crypto 2001, LNCS 2139, Springer-Verlag, 2001, pp [4] C. Boyd, W. Mao, K. G. Paterson. Deniable authenticated key establishment for Internet protocols, 11th International Workshop on Security Protocols, Cambridge (UK), April [5] T. J. Cao, D. D. Lin and R. Xue, An Efficient ID-based Deniable Authentication Protocol from Pairings, Proceedings of the 19th International Conference on Advanced Information Networking and Applications (AINA 05) [6] J. S. Chou, Y. L. Chen, J. C. Huang, A ID-Based Deniable Authentication Protocol on pairings, Cryptology eprint Archive: Report, (335)(2006). [7] J. S. Chou, Y. L. Chen, M. D. Yang, Weaknesses of the Boyd-Mao Deniable Authenticated key Establishment for Internet Protocols, Cryptology eprint Archive: Report, (451)(2005). [8] X. Deng, Lee, C. H. Lee, and H. Zhu, Deniable authentication protocols, IEE Proc. Comput. Digit. Tech., Vol. 148 (2), March 2001, pp [9] C. Dwork, M. Naor, A. Sahai, Concurrent zero-knowledge, Proc. 30th ACM STOC 98, Dallas TX, USA, 1998, pp [10] L. Fan, C. X. Xu, J. H. Li, Deniable authentication protocol based on Diffie-Hellman algorithm, Electronics Letters 38. (4) (2002) [11] S. Q. Jiang, Deniable Authentication on the Internet, Cryptology eprint Archive: Report, (082)(2007). [12] K. G. Paterson. Cryptography from pairings: a snapshot of current research, Information Security Technical Report, Vol. 7(3) (2002), [13] R. Sakai and K. Ohgishiand, Cryptosystems based on pairing, in the 2000 Symposium on Cryptography and Information Security, Okinawa, Japan,(2000). [14] S. B. Wilson, and A. Menezes, Authenticated Diffie-Hellman key agreement protocols, Proceedings of the 5th Annual Workshop on Selected Areas in Cryptography (SAC 98), LNCS, (1999) ( ). [15] E. J. Yoon, E. K. Ryu, K. Y. Yoo, Improvement of Fan et al.'s Deniable Authentication Protocol based on Diffie-Hellman Algorithm, Applied Mathematics and Computation, Vol. 167 (1), August 2005, pp [16] Robert W. Zhu, Duncan S. Wong, and Chan H. Lee, Cryptanalysis of a Suite of Deniable Authentication Protocols, IEEE COMMUNICATIONS LETTERS, VOL. 10, NO. 6, JUNE 2006, pp
Cryptanalysis and improvement of an ID-based ad-hoc anonymous identification scheme at CT-RSA 05
Cryptanalysis and improvement of an ID-based ad-hoc anonymous identification scheme at CT-RSA 05 Fangguo Zhang 1 and Xiaofeng Chen 2 1 Department of Electronics and Communication Engineering, Sun Yat-sen
More informationID-based Encryption Scheme Secure against Chosen Ciphertext Attacks
ID-based Encryption Scheme Secure against Chosen Ciphertext Attacks ongxing Lu and Zhenfu Cao Department of Computer Science and Engineering, Shanghai Jiao Tong University, Shanghai 200030, P.. China {cao-zf,
More informationSecurity Analysis of Some Batch Verifying Signatures from Pairings
International Journal of Network Security, Vol.3, No.2, PP.138 143, Sept. 2006 (http://ijns.nchu.edu.tw/) 138 Security Analysis of Some Batch Verifying Signatures from Pairings Tianjie Cao 1,2,3, Dongdai
More informationLecture 1: Introduction to Public key cryptography
Lecture 1: Introduction to Public key cryptography Thomas Johansson T. Johansson (Lund University) 1 / 44 Key distribution Symmetric key cryptography: Alice and Bob share a common secret key. Some means
More informationImproved ID-based Authenticated Group Key Agreement Secure Against Impersonation Attack by Insider
All rights are reserved and copyright of this manuscript belongs to the authors. This manuscript has been published without reviewing and editing as received from the authors: posting the manuscript to
More informationCSC 774 Advanced Network Security
CSC 774 Advanced Network Security Topic 2.6 ID Based Cryptography #2 Slides by An Liu Outline Applications Elliptic Curve Group over real number and F p Weil Pairing BasicIdent FullIdent Extensions Escrow
More informationCSC 774 Advanced Network Security
CSC 774 Advanced Network Security Topic 2.6 ID Based Cryptography #2 Slides by An Liu Outline Applications Elliptic Curve Group over real number and F p Weil Pairing BasicIdent FullIdent Extensions Escrow
More informationThe odd couple: MQV and HMQV
The odd couple: MQV and HMQV Jean-Philippe Aumasson 1 / 49 Summary MQV = EC-DH-based key agreement protocol, proposed by Menezes, Qu and Vanstone (1995), improved with Law and Solinas (1998), widely standardized
More informationUnbalancing Pairing-Based Key Exchange Protocols
Unbalancing Pairing-Based Key Exchange Protocols Michael Scott Certivox Labs mike.scott@certivox.com Abstract. In many pairing-based protocols more than one party is involved, and some or all of them may
More informationAvailable online at J. Math. Comput. Sci. 6 (2016), No. 3, ISSN:
Available online at http://scik.org J. Math. Comput. Sci. 6 (2016), No. 3, 281-289 ISSN: 1927-5307 AN ID-BASED KEY-EXPOSURE FREE CHAMELEON HASHING UNDER SCHNORR SIGNATURE TEJESHWARI THAKUR, BIRENDRA KUMAR
More informationCPSC 467b: Cryptography and Computer Security
Outline Authentication CPSC 467b: Cryptography and Computer Security Lecture 18 Michael J. Fischer Department of Computer Science Yale University March 29, 2010 Michael J. Fischer CPSC 467b, Lecture 18
More informationREMARKS ON IBE SCHEME OF WANG AND CAO
REMARKS ON IBE SCEME OF WANG AND CAO Sunder Lal and Priyam Sharma Derpartment of Mathematics, Dr. B.R.A.(Agra), University, Agra-800(UP), India. E-mail- sunder_lal@rediffmail.com, priyam_sharma.ibs@rediffmail.com
More informationPublic-Key Cryptosystems CHAPTER 4
Public-Key Cryptosystems CHAPTER 4 Introduction How to distribute the cryptographic keys? Naïve Solution Naïve Solution Give every user P i a separate random key K ij to communicate with every P j. Disadvantage:
More informationShort Signature Scheme From Bilinear Pairings
Sedat Akleylek, Barış Bülent Kırlar, Ömer Sever, and Zaliha Yüce Institute of Applied Mathematics, Middle East Technical University, Ankara, Turkey {akleylek,kirlar}@metu.edu.tr,severomer@yahoo.com,zyuce@stm.com.tr
More informationCIS 6930/4930 Computer and Network Security. Topic 5.2 Public Key Cryptography
CIS 6930/4930 Computer and Network Security Topic 5.2 Public Key Cryptography 1 Diffie-Hellman Key Exchange 2 Diffie-Hellman Protocol For negotiating a shared secret key using only public communication
More informationSecure Bilinear Diffie-Hellman Bits
Secure Bilinear Diffie-Hellman Bits Steven D. Galbraith 1, Herbie J. Hopkins 1, and Igor E. Shparlinski 2 1 Mathematics Department, Royal Holloway University of London Egham, Surrey, TW20 0EX, UK Steven.Galbraith@rhul.ac.uk,
More informationAn Introduction to Pairings in Cryptography
An Introduction to Pairings in Cryptography Craig Costello Information Security Institute Queensland University of Technology INN652 - Advanced Cryptology, October 2009 Outline 1 Introduction to Pairings
More informationID-Based Blind Signature and Ring Signature from Pairings
ID-Based Blind Signature and Ring Signature from Pairings Fangguo Zhang and Kwangjo Kim International Research center for Information Security (IRIS) Information and Communications University(ICU), 58-4
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 11 October 7, 2015 CPSC 467, Lecture 11 1/37 Digital Signature Algorithms Signatures from commutative cryptosystems Signatures from
More informationIdentity Based Undeniable Signatures
Identity Based Undeniable Signatures Benoît Libert Jean-Jacques Quisquater UCL Crypto Group Place du Levant, 3. B-1348 Louvain-La-Neuve. Belgium {libert,jjq}@dice.ucl.ac.be http://www.uclcrypto.org/ Abstract.
More informationNetwork Security Technology Spring, 2018 Tutorial 3, Week 4 (March 23) Due Date: March 30
Network Security Technology Spring, 2018 Tutorial 3, Week 4 (March 23) LIU Zhen Due Date: March 30 Questions: 1. RSA (20 Points) Assume that we use RSA with the prime numbers p = 17 and q = 23. (a) Calculate
More informationMulti-key Hierarchical Identity-Based Signatures
Multi-key Hierarchical Identity-Based Signatures Hoon Wei Lim Nanyang Technological University 9 June 2010 Outline 1 Introduction 2 Preliminaries 3 Multi-key HIBS 4 Security Analysis 5 Discussion 6 Open
More informationPairing-Based Cryptography An Introduction
ECRYPT Summer School Samos 1 Pairing-Based Cryptography An Introduction Kenny Paterson kenny.paterson@rhul.ac.uk May 4th 2007 ECRYPT Summer School Samos 2 The Pairings Explosion Pairings originally used
More informationL7. Diffie-Hellman (Key Exchange) Protocol. Rocky K. C. Chang, 5 March 2015
L7. Diffie-Hellman (Key Exchange) Protocol Rocky K. C. Chang, 5 March 2015 1 Outline The basic foundation: multiplicative group modulo prime The basic Diffie-Hellman (DH) protocol The discrete logarithm
More informationCryptanalysis of a Group Key Transfer Protocol Based on Secret Sharing: Generalization and Countermeasures
Cryptanalysis of a Group Key Transfer Protocol Based on Secret Sharing: Generalization and Countermeasures Kallepu Raju, Appala Naidu Tentu, V. Ch. Venkaiah Abstract: Group key distribution protocol is
More informationOn the Big Gap Between p and q in DSA
On the Big Gap Between p and in DSA Zhengjun Cao Department of Mathematics, Shanghai University, Shanghai, China, 200444. caozhj@shu.edu.cn Abstract We introduce a message attack against DSA and show that
More informationAn Efficient Signature Scheme from Bilinear Pairings and Its Applications
An Efficient Signature Scheme from Bilinear Pairings and Its Applications Fangguo Zhang, Reihaneh Safavi-Naini and Willy Susilo School of Information Technology and Computer Science University of Wollongong,
More informationIdentity-Based Chameleon Hash Scheme Without Key Exposure
Identity-Based Chameleon Hash Scheme Without Key Exposure Xiaofeng Chen, Fangguo Zhang, Haibo Tian, and Kwangjo Kim 1 Key Laboratory of Computer Networks and Information Security, Ministry of Education,
More informationAn Efficient ID-based Digital Signature with Message Recovery Based on Pairing
An Efficient ID-based Digital Signature with Message Recovery Based on Pairing Raylin Tso, Chunxiang Gu, Takeshi Okamoto, and Eiji Okamoto Department of Risk Engineering Graduate School of Systems and
More informationIntro to Public Key Cryptography Diffie & Hellman Key Exchange
Introduction to Modern Cryptography Lecture 5 Number Theory: 1. Quadratic residues. 2. The discrete log problem. Intro to Public Key Cryptography Diffie & Hellman Key Exchange Course Summary - Math Part
More informationSecure and Practical Identity-Based Encryption
Secure and Practical Identity-Based Encryption David Naccache Groupe de Cyptographie, Deṕartement d Informatique École Normale Supérieure 45 rue d Ulm, 75005 Paris, France david.nacache@ens.fr Abstract.
More informationKey-Exposure Free Chameleon Hashing and Signatures Based on Discrete Logarithm Systems
Key-Exposure Free Chameleon Hashing and Signatures Based on Discrete Logarithm Systems Xiaofeng Chen, Fangguo Zhang, Haibo Tian, Baodian Wei, and Kwangjo Kim 1 School of Information Science and Technology,
More informationPublic-Key Cryptography. Public-Key Certificates. Public-Key Certificates: Use
Public-Key Cryptography Tutorial on Dr. Associate Professor Department of Computer Science and Engineering Indian Institute of Technology Kharagpur http://cse.iitkgp.ac.in/ abhij/ January 30, 2017 Short
More informationNotes for Lecture 17
U.C. Berkeley CS276: Cryptography Handout N17 Luca Trevisan March 17, 2009 Notes for Lecture 17 Scribed by Matt Finifter, posted April 8, 2009 Summary Today we begin to talk about public-key cryptography,
More informationID-based tripartite key agreement with signatures
-based tripartite key agreement with signatures 1 Divya Nalla ILab, Dept of omputer/info Sciences, University of Hyderabad, Gachibowli, Hyderabad, 500046, India divyanalla@yahoocom bstract : This paper
More informationStrongly Unforgeable Signatures Based on Computational Diffie-Hellman
Strongly Unforgeable Signatures Based on Computational Diffie-Hellman Dan Boneh 1, Emily Shen 1, and Brent Waters 2 1 Computer Science Department, Stanford University, Stanford, CA {dabo,emily}@cs.stanford.edu
More informationPublic-key Cryptography and elliptic curves
Public-key Cryptography and elliptic curves Dan Nichols University of Massachusetts Amherst nichols@math.umass.edu WINRS Research Symposium Brown University March 4, 2017 Cryptography basics Cryptography
More informationOn the security of Jhanwar-Barua Identity-Based Encryption Scheme
On the security of Jhanwar-Barua Identity-Based Encryption Scheme Adrian G. Schipor aschipor@info.uaic.ro 1 Department of Computer Science Al. I. Cuza University of Iași Iași 700506, Romania Abstract In
More informationIntroduction to Elliptic Curve Cryptography. Anupam Datta
Introduction to Elliptic Curve Cryptography Anupam Datta 18-733 Elliptic Curve Cryptography Public Key Cryptosystem Duality between Elliptic Curve Cryptography and Discrete Log Based Cryptography Groups
More informationOutline. The Game-based Methodology for Computational Security Proofs. Public-Key Cryptography. Outline. Introduction Provable Security
The Game-based Methodology for Computational s David Pointcheval Ecole normale supérieure, CNRS & INRIA Computational and Symbolic Proofs of Security Atagawa Heights Japan April 6th, 2009 1/39 2/39 Public-Key
More informationPrevention of Exponential Equivalence in Simple Password Exponential Key Exchange (SPEKE)
Symmetry 2015, 7, 1587-1594; doi:10.3390/sym7031587 OPEN ACCESS symmetry ISSN 2073-8994 www.mdpi.com/journal/symmetry Article Prevention of Exponential Equivalence in Simple Password Exponential Key Exchange
More informationAn Efficient Signature Scheme from Bilinear Pairings and Its Applications
An Efficient Signature Scheme from Bilinear Pairings and Its Applications Fangguo Zhang, Reihaneh Safavi-Naini and Willy Susilo School of Information Technology and Computer Science University of Wollongong,
More informationCryptanalysis of Threshold-Multisignature Schemes
Cryptanalysis of Threshold-Multisignature Schemes Lifeng Guo Institute of Systems Science, Academy of Mathematics and System Sciences, Chinese Academy of Sciences, Beijing 100080, P.R. China E-mail address:
More informationA Dierential Power Analysis attack against the Miller's Algorithm
A Dierential Power Analysis attack against the Miller's Algorithm Nadia El Mrabet (1), G. Di Natale (2) and M.L. Flottes (2) (1) Team Arith, (2) Team CCSI/LIRMM, Université Montpellier 2 Prime 2009, UCC,
More informationIntroduction to Modern Cryptography. Benny Chor
Introduction to Modern Cryptography Benny Chor RSA Public Key Encryption Factoring Algorithms Lecture 7 Tel-Aviv University Revised March 1st, 2008 Reminder: The Prime Number Theorem Let π(x) denote the
More informationBoneh-Franklin Identity Based Encryption Revisited
Boneh-Franklin Identity Based Encryption Revisited David Galindo Institute for Computing and Information Sciences Radboud University Nijmegen P.O.Box 9010 6500 GL, Nijmegen, The Netherlands. d.galindo@cs.ru.nl
More informationOne can use elliptic curves to factor integers, although probably not RSA moduli.
Elliptic Curves Elliptic curves are groups created by defining a binary operation (addition) on the points of the graph of certain polynomial equations in two variables. These groups have several properties
More informationSecure Certificateless Public Key Encryption without Redundancy
Secure Certificateless Public Key Encryption without Redundancy Yinxia Sun and Futai Zhang School of Mathematics and Computer Science Nanjing Normal University, Nanjing 210097, P.R.China Abstract. Certificateless
More informationElliptic curves: Theory and Applications. Day 4: The discrete logarithm problem.
Elliptic curves: Theory and Applications. Day 4: The discrete logarithm problem. Elisa Lorenzo García Université de Rennes 1 14-09-2017 Elisa Lorenzo García (Rennes 1) Elliptic Curves 4 14-09-2017 1 /
More informationApplied cryptography
Applied cryptography Identity-based Cryptography Andreas Hülsing 19 November 2015 1 / 37 The public key problem How to obtain the correct public key of a user? How to check its authenticity? General answer:
More informationCryptography from Pairings
DIAMANT/EIDMA Symposium, May 31st/June 1st 2007 1 Cryptography from Pairings Kenny Paterson kenny.paterson@rhul.ac.uk May 31st 2007 DIAMANT/EIDMA Symposium, May 31st/June 1st 2007 2 The Pairings Explosion
More informationCRYPTOGRAPHY AND NUMBER THEORY
CRYPTOGRAPHY AND NUMBER THEORY XINYU SHI Abstract. In this paper, we will discuss a few examples of cryptographic systems, categorized into two different types: symmetric and asymmetric cryptography. We
More informationSimple SK-ID-KEM 1. 1 Introduction
1 Simple SK-ID-KEM 1 Zhaohui Cheng School of Computing Science, Middlesex University The Burroughs, Hendon, London, NW4 4BT, United Kingdom. m.z.cheng@mdx.ac.uk Abstract. In 2001, Boneh and Franklin presented
More informationLecture 17 - Diffie-Hellman key exchange, pairing, Identity-Based Encryption and Forward Security
Lecture 17 - Diffie-Hellman key exchange, pairing, Identity-Based Encryption and Forward Security Boaz Barak November 21, 2007 Cyclic groups and discrete log A group G is cyclic if there exists a generator
More informationRemove Key Escrow from The Identity-Based Encryption System
Remove Key Escrow from The Identity-Based Encryption System Zhaohui Cheng, Richard Comley and Luminita Vasiu School of Computing Science, Middlesex University, White Hart Lane, London N17 8HR, UK. {m.z.cheng,r.comley,l.vasiu}@mdx.ac.uk
More informationSecret-Key Agreement over Unauthenticated Public Channels Part I: Definitions and a Completeness Result
Secret-Key Agreement over Unauthenticated Public Channels Part I: Definitions and a Completeness Result Ueli Maurer, Fellow, IEEE Stefan Wolf Abstract This is the first part of a three-part paper on secret-key
More informationLecture 19: Public-key Cryptography (Diffie-Hellman Key Exchange & ElGamal Encryption) Public-key Cryptography
Lecture 19: (Diffie-Hellman Key Exchange & ElGamal Encryption) Recall In private-key cryptography the secret-key sk is always established ahead of time The secrecy of the private-key cryptography relies
More informationPublic-Key Encryption: ElGamal, RSA, Rabin
Public-Key Encryption: ElGamal, RSA, Rabin Introduction to Modern Cryptography Benny Applebaum Tel-Aviv University Fall Semester, 2011 12 Public-Key Encryption Syntax Encryption algorithm: E. Decryption
More informationA new conic curve digital signature scheme with message recovery and without one-way hash functions
Annals of the University of Craiova, Mathematics and Computer Science Series Volume 40(2), 2013, Pages 148 153 ISSN: 1223-6934 A new conic curve digital signature scheme with message recovery and without
More informationGeneric construction of (identity-based) perfect concurrent signatures
University of Wollongong Research Online Faculty of Informatics - Papers (Archive) Faculty of Engineering and Information Sciences 2005 Generic construction of (identity-based) perfect concurrent signatures
More informationA NEW ID-BASED SIGNATURE WITH BATCH VERIFICATION
Trends in Mathematics Information Center for Mathematical Sciences Volume 8, Number 1, June, 2005, Pages 119 131 A NEW ID-BASED SIGNATURE WITH BATCH VERIFICATION JUNG HEE CHEON 1, YONGDAE KIM 2 AND HYO
More informationA New Knapsack Public-Key Cryptosystem Based on Permutation Combination Algorithm
A New Knapsack Public-Key Cryptosystem Based on Permutation Combination Algorithm Min-Shiang Hwang Cheng-Chi Lee Shiang-Feng Tzeng Department of Management Information System National Chung Hsing University
More informationA New Key Exchange Protocol Based on DLP and FP in Centralizer Near-Ring
Volume 117 No. 14 2017, 247-252 ISSN: 1311-8080 (printed version); ISSN: 1314-3395 (on-line version) url: http://www.ijpam.eu ijpam.eu A New Key Exchange Protocol Based on DLP and FP in Centralizer Near-Ring
More informationThreshold Undeniable RSA Signature Scheme
Threshold Undeniable RSA Signature Scheme Guilin Wang 1, Sihan Qing 1, Mingsheng Wang 1, and Zhanfei Zhou 2 1 Engineering Research Center for Information Security Technology; State Key Laboratory of Information
More informationPublic Key Encryption with Conjunctive Field Keyword Search
Public Key Encryption with Conjunctive Field Keyword Search Dong Jin PARK Kihyun KIM Pil Joong LEE IS Lab, POSTECH, Korea August 23, 2004 Contents 1 Preliminary 2 Security Model 3 Proposed Scheme 1 4 Proposed
More informationChapter 4 Asymmetric Cryptography
Chapter 4 Asymmetric Cryptography Introduction Encryption: RSA Key Exchange: Diffie-Hellman [NetSec/SysSec], WS 2008/2009 4.1 Asymmetric Cryptography General idea: Use two different keys -K and +K for
More informationAsymmetric Cryptography
Asymmetric Cryptography Chapter 4 Asymmetric Cryptography Introduction Encryption: RSA Key Exchange: Diffie-Hellman General idea: Use two different keys -K and +K for encryption and decryption Given a
More informationAsymmetric Encryption
-3 s s Encryption Comp Sci 3600 Outline -3 s s 1-3 2 3 4 5 s s Outline -3 s s 1-3 2 3 4 5 s s Function Using Bitwise XOR -3 s s Key Properties for -3 s s The most important property of a hash function
More informationPolynomial Interpolation in the Elliptic Curve Cryptosystem
Journal of Mathematics and Statistics 7 (4): 326-331, 2011 ISSN 1549-3644 2011 Science Publications Polynomial Interpolation in the Elliptic Curve Cryptosystem Liew Khang Jie and Hailiza Kamarulhaili School
More informationNew Variant of ElGamal Signature Scheme
Int. J. Contemp. Math. Sciences, Vol. 5, 2010, no. 34, 1653-1662 New Variant of ElGamal Signature Scheme Omar Khadir Department of Mathematics Faculty of Science and Technology University of Hassan II-Mohammedia,
More informationA Note On Groth-Ostrovsky-Sahai Non-Interactive Zero-Knowledge Proof System
A Note On Groth-Ostrovsky-Sahai Non-Interactive Zero-Knowledge Proof System Zhengjun Cao 1, Lihua Liu 2, Abstract. In 2006, Groth, Ostrovsky and Sahai designed one non-interactive zero-knowledge (NIZK
More informationQuantum-resistant cryptography
Quantum-resistant cryptography Background: In quantum computers, states are represented as vectors in a Hilbert space. Quantum gates act on the space and allow us to manipulate quantum states with combination
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 11 February 21, 2013 CPSC 467b, Lecture 11 1/27 Discrete Logarithm Diffie-Hellman Key Exchange ElGamal Key Agreement Primitive Roots
More informationA SIMPLE GENERALIZATION OF THE ELGAMAL CRYPTOSYSTEM TO NON-ABELIAN GROUPS
Communications in Algebra, 3: 3878 3889, 2008 Copyright Taylor & Francis Group, LLC ISSN: 0092-7872 print/132-12 online DOI: 10.1080/0092787080210883 A SIMPLE GENERALIZATION OF THE ELGAMAL CRYPTOSYSTEM
More informationDefinition: For a positive integer n, if 0<a<n and gcd(a,n)=1, a is relatively prime to n. Ahmet Burak Can Hacettepe University
Number Theory, Public Key Cryptography, RSA Ahmet Burak Can Hacettepe University abc@hacettepe.edu.tr The Euler Phi Function For a positive integer n, if 0
More informationABHELSINKI UNIVERSITY OF TECHNOLOGY
Identity-Based Cryptography T-79.5502 Advanced Course in Cryptology Billy Brumley billy.brumley at hut.fi Helsinki University of Technology Identity-Based Cryptography 1/24 Outline Classical ID-Based Crypto;
More informationRecent Advances in Identity-based Encryption Pairing-based Constructions
Fields Institute Workshop on New Directions in Cryptography 1 Recent Advances in Identity-based Encryption Pairing-based Constructions Kenny Paterson kenny.paterson@rhul.ac.uk June 25th 2008 Fields Institute
More informationAsymmetric Pairings. Alfred Menezes (joint work with S. Chatterjee, D. Hankerson & E. Knapp)
Asymmetric Pairings Alfred Menezes (joint work with S. Chatterjee, D. Hankerson & E. Knapp) 1 Overview In their 2006 paper "Pairings for cryptographers", Galbraith, Paterson and Smart identified three
More informationFrom Fixed-Length to Arbitrary-Length RSA Encoding Schemes Revisited
From Fixed-Length to Arbitrary-Length RSA Encoding Schemes Revisited Julien Cathalo 1, Jean-Sébastien Coron 2, and David Naccache 2,3 1 UCL Crypto Group Place du Levant 3, Louvain-la-Neuve, B-1348, Belgium
More informationProvable Security Proofs and their Interpretation in the Real World
Provable Security Proofs and their Interpretation in the Real World Vikram Singh Abstract This paper analyses provable security proofs, using the EDL signature scheme as its case study, and interprets
More informationPractice Assignment 2 Discussion 24/02/ /02/2018
German University in Cairo Faculty of MET (CSEN 1001 Computer and Network Security Course) Dr. Amr El Mougy 1 RSA 1.1 RSA Encryption Practice Assignment 2 Discussion 24/02/2018-29/02/2018 Perform encryption
More informationA Small Subgroup Attack on Arazi s Key Agreement Protocol
Small Subgroup ttack on razi s Key greement Protocol Dan Brown Certicom Research, Canada dbrown@certicom.com lfred Menezes Dept. of C&O, University of Waterloo, Canada ajmeneze@uwaterloo.ca bstract In
More informationLECTURE 5: APPLICATIONS TO CRYPTOGRAPHY AND COMPUTATIONS
LECTURE 5: APPLICATIONS TO CRYPTOGRAPHY AND COMPUTATIONS Modular arithmetics that we have discussed in the previous lectures is very useful in Cryptography and Computer Science. Here we discuss several
More informationSharing DSS by the Chinese Remainder Theorem
Sharing DSS by the Chinese Remainder Theorem Kamer Kaya,a, Ali Aydın Selçuk b a Ohio State University, Columbus, 43210, OH, USA b Bilkent University, Ankara, 06800, Turkey Abstract In this paper, we propose
More informationOne-round and authenticated three-party multiple key exchange. protocol from parings *
One-round and authenticated three-party multiple key exchange protocol from parings Feng LIU School of Mathematics & Information, Ludong University, Yantai 264025, China E-mail: liufeng23490@126.com (2010-05
More informationSecurity Implications of Quantum Technologies
Security Implications of Quantum Technologies Jim Alves-Foss Center for Secure and Dependable Software Department of Computer Science University of Idaho Moscow, ID 83844-1010 email: jimaf@cs.uidaho.edu
More informationIntroduction to Braid Group Cryptography
Introduction to Braid Group Cryptography Parvez Anandam March 7, 2006 1 Introduction Public key cryptosystems rely on certain problems for which no fast algorithms are known. For instance, in Diffie-Hellman,
More informationChapter 8 Public-key Cryptography and Digital Signatures
Chapter 8 Public-key Cryptography and Digital Signatures v 1. Introduction to Public-key Cryptography 2. Example of Public-key Algorithm: Diffie- Hellman Key Exchange Scheme 3. RSA Encryption and Digital
More informationElliptic Curve Cryptology. Francis Rocco
Elliptic Curve Cryptology By Francis Rocco Submitted in partial fulfillment of the requirements for Honors in the Department of Mathematics Union College March, 2017 ABSTRACT ROCCO, FRANCIS Elliptic Curve
More informationIdentity Based Proxy Signature from RSA without Pairings
International Journal of Network Security, Vol.19, No.2, PP.229-235, Mar. 2017 (DOI: 10.6633/IJNS.201703.19(2).07) 229 Identity Based Proxy Signature from RSA without Pairings Lunzhi Deng, Huawei Huang,
More information2. Cryptography 2.5. ElGamal cryptosystems and Discrete logarithms
CRYPTOGRAPHY 19 Cryptography 5 ElGamal cryptosystems and Discrete logarithms Definition Let G be a cyclic group of order n and let α be a generator of G For each A G there exists an uniue 0 a n 1 such
More informationOn Security Proof of McCullagh-Barreto s Key Agreement Protocol and its Variants
On Security Proof of McCullagh-Barreto s Key Agreement Protocol and its Variants Zhaohui Cheng School of Computing Science, Middlesex University The Burroughs, Hendon, London, UK E-mail: m.z.cheng@mdx.ac.uk
More informationLecture 28: Public-key Cryptography. Public-key Cryptography
Lecture 28: Recall In private-key cryptography the secret-key sk is always established ahead of time The secrecy of the private-key cryptography relies on the fact that the adversary does not have access
More informationAN OBSERVATION ABOUT VARIATIONS OF THE DIFFIE-HELLMAN ASSUMPTION
AN OBSERVATION ABOUT VARIATIONS OF THE DIFFIE-HELLMAN ASSUMPTION R. BHASKAR, K. CHANDRASEKARAN, S. LOKAM, P.L. MONTGOMERY, R. VENKATESAN, AND Y. YACOBI Abstract. We generalize the Strong Boneh-Boyen (SBB)
More informationCryptanalysis on An ElGamal-Like Cryptosystem for Encrypting Large Messages
Cryptanalysis on An ElGamal-Like Cryptosystem for Encrypting Large Messages MEI-NA WANG Institute for Information Industry Networks and Multimedia Institute TAIWAN, R.O.C. myrawang@iii.org.tw SUNG-MING
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 18 November 6, 2017 CPSC 467, Lecture 18 1/52 Authentication While Preventing Impersonation Challenge-response authentication protocols
More informationResearch Article A Novel Anonymous Proxy Signature Scheme
Advances in Multimedia Volume 2012, Article ID 427961, 10 pages doi:10.1155/2012/427961 Research Article A Novel Anonymous Proxy Signature Scheme Jue-Sam Chou Department of Information Management, Nanhua
More informationMasao KASAHARA. Graduate School of Osaka Gakuin University
Abstract Construction of New Classes of Knapsack Type Public Key Cryptosystem Using Uniform Secret Sequence, K(II)ΣΠPKC, Constructed Based on Maximum Length Code Masao KASAHARA Graduate School of Osaka
More informationEfficient Identity-Based Encryption Without Random Oracles
Efficient Identity-Based Encryption Without Random Oracles Brent Waters Abstract We present the first efficient Identity-Based Encryption (IBE) scheme that is fully secure without random oracles. We first
More informationENEE 459-C Computer Security. Message authentication (continue from previous lecture)
ENEE 459-C Computer Security Message authentication (continue from previous lecture) Last lecture Hash function Cryptographic hash function Message authentication with hash function (attack?) with cryptographic
More information